🏳️Openwall - bringing security into open computing environments

Website faviconopenwall.com

Information Security software for open computing environments, related publications, and professional services

[](/)

*   [Products](/)

    *   [Openwall GNU/\*/Linux   _server OS_](/Owl/)

    *   [Linux Kernel Runtime Guard](/lkrg/)

    *   [John the Ripper   _password cracker_](/john/)

        *   [Free & Open Source for any platform](/john/)

        *   [in the cloud](/john/cloud/)

        *   [Pro for Linux](/john/pro/linux/)

        *   [Pro for macOS](/john/pro/macosx/)

    *   [Wordlists   _for password cracking_](/wordlists/)

    *   [passwdqc   _policy enforcement_](/passwdqc/)

        *   [Free & Open Source for Unix](/passwdqc/)

        *   [Pro for Windows (Active Directory)](/passwdqc/windows/)

    *   [yescrypt   _KDF & password hashing_](/yescrypt/)

    *   [yespower   _Proof-of-Work (PoW)_](/yespower/)

    *   [crypt\_blowfish   _password hashing_](/crypt/)

    *   [phpass   _ditto in PHP_](/phpass/)

    *   [tcb   _better password shadowing_](/tcb/)

    *   [Pluggable Authentication Modules](/pam/)

    *   [scanlogd   _port scan detector_](/scanlogd/)

    *   [popa3d   _tiny POP3 daemon_](/popa3d/)

    *   [blists   _web interface to mailing lists_](/blists/)

    *   [msulogin   _single user mode login_](/msulogin/)

    *   [php\_mt\_seed   _mt\_rand() cracker_](/php_mt_seed/)

*   [Services](/services/)

*   Publications

    *   [Articles](/articles/)

    *   [Presentations](/presentations/)

*   Resources

    *   [Mailing lists](/lists/)

    *   [Community wiki](https://openwall.info/wiki/)

    *   [Source code repositories (GitHub)](https://github.com/openwall)

    *   [Source code repositories (CVSweb)](https://cvsweb.openwall.com)

    *   [File archive & mirrors](/mirrors/)

    *   [How to verify digital signatures](/signatures/)

    *   [OVE IDs](/ove/)

*   [What's new](/news)

[Follow @Openwall on Twitter for new release announcements and other news](https://twitter.com/openwall)

Software you can find here ([what's new?](#news)):

*   [Openwall GNU/\*/Linux security-enhanced Linux distribution for servers](/Owl/)

*   [Linux Kernel Runtime Guard](/lkrg/) (on its own website)  

*   [John the Ripper password cracker for Linux, Mac, Windows, ...](/john/)  

    (and [wordlists](/wordlists/) for use with it and with other tools)  

*   [passwdqc - password strength checking and enforcement for servers](/passwdqc/)  

    (and more [PAM modules](/pam/))

*   [yescrypt - modern password-based KDF and password hashing](/yescrypt/)

*   [yespower - proof-of-work (PoW) scheme](/yespower/)

*   [crypt\_blowfish - bcrypt password hashing for C/C++ programs and servers](/crypt/)

*   [phpass - password hashing for PHP applications](/phpass/)

*   [tcb suite - our alternative password shadowing scheme](/tcb/)  

*   [scanlogd port scan detection tool](/scanlogd/)

*   [popa3d tiny POP3 server designed with security in mind](/popa3d/)

*   [blists web interface to mailing list archives that works off indexed mbox files](/blists/)

*   [msulogin single user mode login program](/msulogin/)  

*   [php\_mt\_seed - PHP mt\_rand() seed cracker](/php_mt_seed/)

October 23, 2024  

[LKRG](/lkrg/) 0.9.9 [is out](/lists/announce/2024/10/23/1), adding support for new Linux kernels 6.11+, 6.10.10+, 5.10.220+, as well as new CentOS Stream 9 (upcoming RHEL 9.5).

August 21, 2024  

[Announcing yescrypt-go](/lists/announce/2024/08/21/1), our pure Go reimplementation of [yescrypt](/yescrypt/) key derivation function (KDF) and password hashing scheme.

May 14, 2024  

We've just [published the slides](/lists/announce/2024/05/14/1) of Solar Designer's OffensiveCon 2024 keynote talk "Password cracking: past, present, future".

March 4, 2024  

We've just [published the slides](/lists/announce/2024/03/04/1) of Solar Designer's talk "Linux kernel remote logging: approaches, challenges, implementation" from BSidesZagreb 2024.

February 28, 2024  

[LKRG](/lkrg/) 0.9.8 [is out](/lists/announce/2024/02/28/1), adding a remote kernel message logging capability.

September 14, 2023  

[LKRG](/lkrg/) 0.9.7 [is out](/lists/announce/2023/09/14/1), adding support for Linux 6.4 to 6.5.x and hopefully beyond, as well as for new RHEL 9.1 and 9.2 kernels.

June 25, 2023  

[passwdqc](/passwdqc/) 2.0.3 [is out](/lists/announce/2023/06/25/1), adding Cygwin support, pkg-config file, and assorted minor changes.  

Also available is a corresponding update of [passwdqc for Windows](/passwdqc/windows/), adding password policy bypass for system-generated passwords for KRBTGT accounts.  

Finally, the pre-generated leaked password filter files have been updated (quite a while ago) to include HIBP v8, encoding the 847+ million unique passwords (from billions of accounts) in a 3.3 GiB (3.5 GB) file.

[More news](#news)

Openwall software releases and other related files are also available from the [Openwall file archive](https://download.openwall.net) and its [mirrors](/mirrors/). You are encouraged to use the mirrors, but be sure to verify the [signatures](/signatures/) on software you download.

The more experienced users and software developers can browse through the source code for most pieces of Openwall software along with revision history information for each source file in our [GitHub organization](https://github.com/openwall) and on our [CVSweb server](https://cvsweb.openwall.com).

We publish [articles](/articles/), make [presentations](/presentations/), and offer [professional services](/services/).

We also maintain a [wordlists collection](/wordlists/) for use with password crackers such as [John the Ripper](/john/) and with password recovery utilities.

Finally, we host community resources such as [mailing lists](/lists/) and [wiki](https://openwall.info/wiki/) for users of Openwall software and for other Open Source and computer security folks.

If you would like to be notified of updates to this website and the packages hosted here, please subscribe to the announcement mailing list by entering your e-mail address below or by sending an empty message to **<announce-subscribe at lists.openwall.com>**. You will be required to confirm your subscription by "replying" to the automated confirmation request that will be sent to you. You will be able to unsubscribe at any time and we will not use your e-mail address for any other purpose or share it with a third party. The list traffic is very low (typically 1 to 5 messages a month). You can [review past announcements here](/lists/announce/).

 Your e-mail address:   

You can also [follow us on Twitter](https://twitter.com/openwall).

October 23, 2024  

[LKRG](/lkrg/) 0.9.9 [is out](/lists/announce/2024/10/23/1), adding support for new Linux kernels 6.11+, 6.10.10+, 5.10.220+, as well as new CentOS Stream 9 (upcoming RHEL 9.5).

August 21, 2024  

[Announcing yescrypt-go](/lists/announce/2024/08/21/1), our pure Go reimplementation of [yescrypt](/yescrypt/) key derivation function (KDF) and password hashing scheme.

May 14, 2024  

We've just [published the slides](/lists/announce/2024/05/14/1) of Solar Designer's OffensiveCon 2024 keynote talk "Password cracking: past, present, future".

March 4, 2024  

We've just [published the slides](/lists/announce/2024/03/04/1) of Solar Designer's talk "Linux kernel remote logging: approaches, challenges, implementation" from BSidesZagreb 2024.

February 28, 2024  

[LKRG](/lkrg/) 0.9.8 [is out](/lists/announce/2024/02/28/1), adding a remote kernel message logging capability.

September 14, 2023  

[LKRG](/lkrg/) 0.9.7 [is out](/lists/announce/2023/09/14/1), adding support for Linux 6.4 to 6.5.x and hopefully beyond, as well as for new RHEL 9.1 and 9.2 kernels.

June 25, 2023  

[passwdqc](/passwdqc/) 2.0.3 [is out](/lists/announce/2023/06/25/1), adding Cygwin support, pkg-config file, and assorted minor changes.  

Also available is a corresponding update of [passwdqc for Windows](/passwdqc/windows/), adding password policy bypass for system-generated passwords for KRBTGT accounts.  

Finally, the pre-generated leaked password filter files have been updated (quite a while ago) to include HIBP v8, encoding the 847+ million unique passwords (from billions of accounts) in a 3.3 GiB (3.5 GB) file.

June 21, 2023  

We've just published the [slides](/presentations/SSTIC-BSidesLjubljana2023-oss-security/) of [Solar Designer's opening keynote talk at SSTIC and its revision at BSidesLjubljana](/lists/announce/2023/06/21/1), entitled "15+ years of [oss-security](/lists/oss-security/)".

March 2, 2023  

[John the Ripper in the cloud](/john/cloud/) has been [updated](/lists/announce/2023/03/02/1) to use the latest JtR jumbo on freshly updated Amazon Linux 2 with a newer NVIDIA GPU driver. Many new AWS instance types are now supported.

December 14, 2022  

[LKRG](/lkrg/) 0.9.6 [is out](/lists/announce/2022/12/14/1), adding support for Linux 6.1, RHEL 8.7, current CentOS Stream 9 (upcoming RHEL 9.2), along with a variety of other changes for portability, robustness, and extra security checks.

August 1, 2022  

[LKRG](/lkrg/) 0.9.5 [is out](/lists/announce/2022/08/01/1), adding support for new longterm kernels 5.10.133+ and reworked support for OverlayFS (Docker).

July 22, 2022  

[LKRG](/lkrg/) 0.9.4 [is out](/lists/announce/2022/07/22/1), featuring more consistent log messages suitable for both automated analysis and human consumption, as well as adding support for more longterm Linux kernels and for the OpenRC init system.

April 21, 2022  

[LKRG](/lkrg/) 0.9.3 [is out](/lists/announce/2022/04/21/1), adding support for latest Linux kernels, latest CentOS Stream 8/9 and upcoming RHEL 8.6+, openSUSE Leap, and loading into older Xen PV guests.

December 29, 2021  

[LKRG](/lkrg/) 0.9.2 [is out](/lists/announce/2021/12/29/1), adding support for new Linux kernels, and assorted bug fixes and enhancements.

April 27, 2021  

[LKRG](/lkrg/) 0.9.1 [is out](/lists/announce/2021/04/27/1), addressing various issues reported against the 0.9.0 release.

April 12, 2021  

[LKRG](/lkrg/) 0.9.0 [is out](/lists/announce/2021/04/12/1), with support for new Linux kernels, optionally building LKRG in kernel tree, Continuous Integration (boot tests in VMs, including with Ubuntu's daily updated mainline kernels), and much more.

April 4, 2021  

[passwdqc](/passwdqc/) 2.0.2 [is out](/lists/announce/2021/04/04/1), improving the formatting of auto-generated policy descriptions and adding the libpasswdqc(3) manual page.

March 10, 2021  

Two minor updates:  

[passwdqc](/passwdqc/) [2.0.1](/lists/announce/2021/03/10/1) offers improved auto-generated password/passphrase policy descriptions.  

[scanlogd](/scanlogd/) [2.2.8](/lists/announce/2021/03/10/2) builds cleanly with recent glibc.

February 18, 2021  

[passwdqc](/passwdqc/) 2.0.0 [is out](/lists/announce/2021/02/18/1), adding support for external wordlist, denylist, and binary filter files (improved cuckoo filters).

January 11, 2021  

After 10 years since the previous release, we've just [released](/lists/announce/2021/01/11/1) version 1.2 of [tcb](/tcb/), implementation of our alternative password shadowing scheme. Changes include libxcrypt and recent glibc support, translated (non-English) messages support, and dropping of NIS/NIS+ support.

August 18, 2020  

We've just [republished](/lists/announce/2020/08/18/1) the slides of [LKRG in a nutshell](/presentations/OSTconf2020-LKRG-In-A-Nutshell/), which we presented a few days ago at OSTconf.  

We've [started consolidating our Git repositories](/lists/announce/2020/08/18/2) under the newly setup [Openwall organization on GitHub](https://github.com/openwall).

August 10, 2020  

We've just [launched](/lists/announce/2020/08/10/1) [Openwall Password Recovery and Password Security Auditing Bundle](/john/cloud/) in AWS Marketplace. Start your password recovery or audit in AWS cloud in minutes, complete it within our 5-day free trial or support our Open Source project afterwards.

July 8, 2020  

[LKRG](/lkrg/) 0.8.1 is an [important bug fix release](/lists/announce/2020/07/08/1).

June 25, 2020  

[LKRG](/lkrg/) 0.8 [is out](/lists/announce/2020/06/25/1), adding support for latest Linux kernels, 32-bit ARM (LKRG 0.7 already had 64-bit), Raspberry Pi 3 & 4, improving scalability, performance, and tradeoffs, adding the notion of profiles, new documentation, Phoronix Test Suite benchmarks, and much more.

December 25, 2019  

[passwdqc](/passwdqc/) 1.4.0 [is out](/lists/announce/2019/12/25/1), adding optional non-English messages and Linux-PAM audit support.

July 21, 2019  

[LKRG](/lkrg/) 0.7 [is out](/lists/announce/2019/07/21/1), adding experimental support for ARM64 (AArch64) and grsecurity, support for Linux kernels 5.1 and 5.2 (and hopefully beyond), greater SMEP enforcement, and much more.

June 30, 2019  

[yescrypt](/yescrypt/) KDF and password hashing scheme [updated to 1.1.0 and included in Fedora and ALT Linux via libxcrypt](/lists/announce/2019/06/30/1).  

[yespower](/yespower/) PoW scheme [updated to 1.0.1](/lists/announce/2019/06/30/2).

May 14, 2019  

[John the Ripper](/john/) 1.9.0-jumbo-1 [is out](/lists/announce/2019/05/14/1).

April 12, 2019  

[John the Ripper](/john/) 1.9.0 core [is out](/lists/announce/2019/04/12/1). Stay tuned for the 1.9.0-jumbo-1 release and announcement, which will be "the real one".

February 19, 2019  

[LKRG](/lkrg/) 0.6 [is out](/lists/announce/2019/02/19/1), adding experimental poor man's Control Flow Integrity support and much more.

[News archive (since 2001)](/news#archive)

 Quick Comment:  

11162478